Malicious "Flash Player" add-on

Status

()

The Mozilla Toolkit is a set of APIs, built on top of Gecko, which provide advanced services to XUL applications. These services include Profile Management, Chrome Registration, Browsing History, Extension and Theme Management, Application Update Service, and Safe Mode. (More info)

Attachments

(1 attachment)

Created attachment 606354[details]
20120315_fb_video_update.zip
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.79 Safari/535.11
Steps to reproduce:
Downloaded the add-on from http://vidsforeveryone472.com/x/FacebookVideoUpdate.xpi
Actual results:
The add-on uses the contained, obfuscated, JS file "s.js" to harvest all of your Facebook cookies and post them to a 3rd party server.
Those cookies can be, and are being, used to hijack the user's account and spam Facebook users from their own servers.
Expected results:
It shouldn't steal your Facebook cookies and send them to a third-party server.